SEC-1529: More user-friendly expressions on method annotations in EL chapter.

2025-05-31 01:02:14 +00:00 · 2010-08-05 18:14:11 +01:00 · 2010-08-05 18:14:11 +01:00 · e2ba500c3c
commit e2ba500c3c
parent 413b2a06e3
2 changed files with 11 additions and 10 deletions
--- a/docs/manual/src/docbook/el-access.xml
+++ b/docs/manual/src/docbook/el-access.xml
@ -157,14 +157,15 @@
                    if you wanted a particular method to only allow access to a user whose username
                    matched that of the contact, you could write</para>
                <programlisting>
- @PreAuthorize("#contact.name == principal.name)")
+ @PreAuthorize("#contact.name == authentication.name")
 public void doSomething(Contact contact);</programlisting>
-                <para>Here we are accessing another built–in expression, which is the
-                    <literal>principal</literal> of the current Spring Security
-                    <interfacename>Authentication</interfacename> object obtained from the security
-                    context. You can also access the <interfacename>Authentication</interfacename>
-                    object itself directly using the expression name
-                    <literal>authentication</literal>.</para>
+                <para>Here we are accessing another built–in expression, <literal>authentication</literal>,
+                    which is the <interfacename>Authentication</interfacename> stored in the
+                    security context. You can also access its <quote>principal</quote> property
+                    directly, using the expression <literal>principal</literal>. The value will
+                    often be a <interfacename>UserDetails</interfacename> instance, so you might use an
+                    expression like <literal>principal.username</literal> or
+                    <literal>principal.enabled</literal>.</para>
                <para>Less commonly, you may wish to perform an access-control check after the
                    method has been invoked. This can be achieved using the
                    <literal>@PostAuthorize</literal> annotation. To access the return value from a
--- a/docs/manual/src/docbook/introduction.xml
+++ b/docs/manual/src/docbook/introduction.xml
@ -260,10 +260,10 @@
            </section>
            <section xml:id="spring-security-config">
                <title>Config - <literal>spring-security-config.jar</literal></title>
-                <para>Contains the security namespace parsing code (and hence nothing that you are
-                    likely yo use directly in your application). You need it if you are using the
+                <para>Contains the security namespace parsing code. You need it if you are using the
                    Spring Security XML namespace for configuration. The main package is
-                    <literal>org.springframework.security.config</literal>.</para>
+                    <literal>org.springframework.security.config</literal>. None of the
+                    classes are intended for direct use in an application.</para>
            </section>
            <section xml:id="spring-security-ldap">
                <title>LDAP - <literal>spring-security-ldap.jar</literal></title>